In a Denial-of-Service (DoS) attack, an attacker bombards a victim network or server with a large volume of message traffic. Handling this traffic consumes the victim's available bandwidth, CPU capacity, or other critical system resources, and eventually brings the victim to a situation in which it is unable to serve its legitimate clients. Distributed DoS (DDoS) attacks can be even more damaging, as they involve creating artificial network traffic from multiple sources simultaneously. In a “conventional” massive-bandwidth attack, the source of the attack may be traced with the help of statistical analysis of the source Internet Protocol (IP) addresses of incoming packets. The victim can subsequently filter out any traffic originating from the suspect IP addresses, and can use the evidence to take legal action against the attacker. Many attacks, however, now use “spoofed” IP packets—packets containing a bogus IP source address—making it more difficult for the victim network to defend itself against attack.
Voice over IP (VoIP) technologies are gaining popularity as a medium for voice telephony over the Internet. VoIP is a term used in IP telephony for a set of facilities for managing the delivery of voice information using the Internet Protocol (IP). In VoIP, voice information is transmitted in digital form in discrete packets, rather than using the traditional protocols of the public switched telephone network (PSTN). In addition to IP, most VoIP applications use two upper-level protocols: The Session Initiation Protocol (SIP) is used for signaling, and the real time protocol (RTP) is used for media transfer.
SIP is a protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP is described in detail by Rosenberg et al. in “SIP: Session Initiation Protocol,” published as Request for Comments (RFC) 3261 (June 2002) of the Internet Engineering Task Force (IETF) Network Working Group, which is incorporated herein by reference. This RFC, as well as other IETF documents referenced hereinbelow, is available at www.ietf.org/rfc.html. SIP contains primitives that are used for call setup, call progress monitoring and termination. SIP is based on a request/response transaction model, wherein each transaction comprises a SIP request that invokes a particular method, or function, on the server and at least one SIP response. SIP is an application layer protocol that can use either the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) as a transport protocol.
RTP is an Internet protocol standard that specifies a method for managing the real-time transmission of multimedia data over either unicast or multicast network services. RTP is described in detail by Schulzrinne et al in “RTP: A Transport Protocol for Real-Time Applications,” published as IETF RFC 1889 (January 1996), which is incorporated herein by reference. RTP is an application layer protocol and uses UDP as its transport protocol.
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which: